Bogus emails that trick unsuspecting individuals and businesses into revealing valuable personal and financial information are among the simplest, most common, and costliest cyber-scams.
In "spoofing" or "phishing" scams, as they are known to law enforcement officials, messages are disguised to appear as if they come from trusted, legitimate companies such as online auction sites, your Internet service provider, even City National Bank. Typically, they ask you to click on a link to the company website and confirm or reactivate your account. However, the link actually goes to an impostor or “spoof” site, operated by criminals perpetrating several possible scams, including but not limited to:
- Identity theft – Stealing personal information in order to commit credit card fraud or bank fraud.
- Ransomware – Installing malicious software on the victim’s computer that may lock up their files, and demanding a cash payment in order to unlock the data.
- Phony data breach – An alarming message telling the victim that their computer has been hacked and instructing them to “click here” to fix the problem, or claiming that fraudulent activity has been detected on the account and charges will be assessed if the recipient does not reply immediately.
In addition to email, phishing is sometimes committed via text messages (“SMShing”) or phone calls (“vishing”) directing victims to a bogus website.
Despite advanced spam filters and computer security features, it’s impossible to completely avoid receiving phishing emails. The best defense is awareness.
WHAT CAN YOU DO?
WATCH FOR RED FLAGS
Fraudulent emails may appear to come from a reputable source. This is how spammers and scam artists fool recipients into opening and responding to their solicitations. But check the finer details and you may notice:
- Spoof email addresses: If you notice that the return email address is not the actual email address of the purported sender, that’s a warning sign of a scam. Criminals are sophisticated, so check carefully – sometimes the “spoof” email address is only one or two characters different than the real company’s email address.
- Altered links: Although the link within the email may appear to go to a legitimate site, mousing over it may show that it actually goes to a totally different – and fraudulent – site.
- Misspellings and poor grammar: Many scam emails originate from outside the U.S., and typical red flags include poorly written text and misspelled words. Misspelled company names, typos, and grammatical errors are also employed to avoid detection by spam and email filters.
- Your name is missing: Scam emails may not have the recipient’s actual name; instead they may say “Dear customer” or even “Dear” – with the space for the recipient’s name left blank.
- Wrong information: If you receive an email thanking you for signing up for PayPal, eBay, or another service, but you signed up years ago, or never did, this incorrect information is a red flag for a scam.
BEWARE OF FREE STUFF
If an email offer sounds too good to be true, it probably is. Nigerians (or other countrymen) do not need funds to pay taxes on millions, you have not won a lottery in a foreign country and need to pay taxes, a mystery investor probably does not have "top-secret inside information" that will make investing with him a "can't lose," and there is a good chance that someone acting on behalf of a relative to help with an accident or get them out of jail or a foreign country probably does not know anyone in your family. Never agree to wire funds or send money orders to someone to hold a car, apartment, etc., for a price that is too good to be true.
OTHER THINGS TO WATCH FOR
- Excessive use of "Re: Re: Fw: Fw:" in the email subject line
- ACH or Package Validation request in the email subject line
- Zipped (.zip) file attachments
- Urgent language compelling you to respond
City National's Policy
City National Bank will NEVER ask for personal information through email. Your best protection against fraud is caution.
Do not respond to any message asking for the following: